[Openswan Users] Help with site-to-site

Michael Wisniewski wiz561 at gmail.com
Mon Jun 4 09:19:16 EDT 2012


Hi!

I'm having a problem trying to get this to work, and hoping that somebody
can help.  Here's a little background on what I want to do.  At work, I'm
an admin of a LAN with multiple VLANs.  Recently, I moved offices and now
we're trunking one of the VLANs over the company's LAN.  In the past,
these two systems were totally separated from each other.  By trunking it
over the company's equipment, I am subject to some strange restrictions
that are placed, such as MAC address locking and god knows what else.
Originally, the topology looked like this..

INTERNET -> Linux Gateway/Firewall/NAT/DNS -> VLAN 101, 140, etc.

VLAN 101 = Workstations
VLAN 140 = Servers

Now, the topology looks like this...

INTERNET -> Linux Gateway/Firewall/NAT/DNS -> VLAN 101, 102, 140, etc.

VLAN 101 = My private VLAN that's trunked across equipment
VLAN 102 = Workstations
VLAN 140 = Servers

What I want to do is encrypt all the traffic on the 101 subnet to a VPN
server on the 140 vlan.  I have the following setup...

OpenSwan "Right side" is a box I have set up upstairs.  It looks like this...

192.168.105.0/24 (network) -> 192.168.105.5 (eth1 on the openswan box) ->
192.168.101.53 (eth0 on the openswan box)

Then on the "left side" of the setup, I have another openswan box that
looks like this.

192.168.101.20 (eth1) -> openswan box -> 192.168.140.20 (eth0)

What I want to do is set it up so I can plug my machine in on the 105
network, have it get tunneled through the right hand side of the openswan
system, get it encrypted to the 101.20 box, and have that box put my
machine on the 140.0/24 subnet.  Here's my ipsec.conf attempt...

conn net-to-net
        authby=secret
        auto=add
        # left = server side
        left=192.168.101.20
        leftsubnet=192.168.140.0/24
        # right = client (attic)
        right=192.168.101.53
        rightid=192.168.101.53
        rightsubnet=192.168.105.0/24
        rightnexthop=192.168.101.20


What happens is that I think it connects, but on the right side, I don't
get a route put in so it's like nothing works.  I'm sure this is a simple
"site to site" config, but I have no idea what I'm doing.  I'm also using
Ubuntu 12.04 LTS on both machines.

Any help is appreciated.

Thanks!
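An added example, not part of the post above: the same net-to-net connection written out as a complete Openswan conn plus its PSK entry. The poster's conn is loaded with auto=add, which only defines it; the tunnel (and the route Openswan's updown script installs for the remote subnet) appears when it is brought up with `ipsec auto --up net-to-net` or with auto=start at boot. The leftsourceip/rightsourceip values, the cipher choices and the PSK are assumptions for illustration.

```ini
# /etc/ipsec.conf on both boxes (added example, not the poster's file)
conn net-to-net
        type=tunnel
        authby=secret
        # auto=add only loads the conn; auto=start also negotiates it at
        # startup, which is when the SAs and the route get installed.
        auto=start
        # left = server side: 192.168.101.20 fronts the 140.0/24 subnet
        left=192.168.101.20
        leftsubnet=192.168.140.0/24
        # source address used for the route to the far subnet, so the
        # gateway itself can reach 105.0/24 (assumed value)
        leftsourceip=192.168.140.20
        # right = client (attic): 192.168.101.53 fronts the 105.0/24 subnet
        right=192.168.101.53
        rightid=192.168.101.53
        rightsubnet=192.168.105.0/24
        rightsourceip=192.168.105.5
        # no rightnexthop: both peers sit on the same 192.168.101.0/24 segment
        # pin the proposals instead of accepting whatever the peer offers
        ike=aes256-sha1;modp2048
        phase2alg=aes256-sha1
        pfs=yes

# /etc/ipsec.secrets on both boxes, owned by root, mode 0600.
# The PSK is a placeholder; use a long random secret.
192.168.101.20 192.168.101.53 : PSK "REPLACE-WITH-A-LONG-RANDOM-SECRET"
```

After `ipsec auto --up net-to-net`, `ipsec auto --status` should list the conn as established and `ip route` on the right box should show 192.168.140.0/24 via 192.168.101.20 with src 192.168.105.5.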